Destroy the Hard Drive to Protect the Data

With the onslaught of winter and the prospect of snow coming once again, I was lamenting our family’s recent summer vacation to San Diego and my fascination with watching the ocean rolling in over the beach during the course of a day – and being fascinated with the waves washing away the tell-tale traces of footprints left in the sand from my kids.

I remember thinking wouldn’t it be nice if we could simply wash away all the garbage from our lives and simply start clean each day with a fresh clean view of our own personal beach.

If only it were that simple!

The realities of work in the technology industry soon caught up with me as I dealt with a customer issue where one of their servers had experienced multiple drive failures, which in turn required a complete rebuild and restore of their system.

A service call had been placed, replacement drives shipped, and a tech support rep scheduled to swap out the bad drives the following morning. The only thing that could be done now was to wait for the server to be rebuilt and system restored.

I thought back to my beach experience, however, and wondered what happens to the drives that are swapped out? Are they destroyed? Are they simply thrown away? Or are they returned to the hardware vendor and sent out for refurbishment?

My concern was, even though the drive failed, that the data probably hadn’t and was still present on the disk platter. If those drives are sent out for refurbishment, are they scrubbed or simply taken apart, formatted, and put back in someone else’s servers after rebuild?

I turned to several folks who have extensive experience in the recovery of lost data both from a forensic background as well as a data recovery background and was surprised to learn that, yes, the customer’s old data was potentially accessible to someone who has the desire, tools and time to run a recovery process on it.

I then asked if the manufacturers who provide the “refurbed” drives actually cleansed the data and I could not get a good answer as to what actually takes place other than most are probably shipped overseas to be rebuilt and refurbished before being returned to service.

That shocking insight left me wondering could sensitive member data be floating around out in the world for some bored tech to run a recovery disk against to see what was there? The cold cruel answer was possibly yes.

Needless to say, I am a bit concerned to think of all the businesses and industries – credit unions included – served by these large hardware organizations that each have potential risks every time one of their drives fails as well.

Now factor in the ever-growing world of cloud storage and the massive arrays that house any and every kind of data out there and you begin to see why this might be a little disconcerting.

So without raising the panic alarm, I thought I would provide some general thoughts and guidelines for dealing with your data should you decide to get rid of old PCs, have a drive fail, or simply decide to donate your home computer.

In a nutshell, take out the old drive, take it to a company that specializes in shredding electronics and make sure you physically destroy that unit.

Yes, there are software programs that can cleanse data, and remove the majority of risk by overwriting sectors with random data etc., but that is a little hard to do if the drive is bad but the data on the platter isn’t. See my point?

So here is a final 2012 tech risk management tip of the year for you: If and when you have to call your hardware manufacturer for support on a bad drive, do not allow them to take that drive. Pay the deposit fee and then physically destroy the drive.

Yes, that may sound a bit extreme and a lot more work than most want to deal with, but unlike the ocean that seemingly washes away the footprints in the sand, all it takes is one large monster storm that uncovers a lost shipwreck of 100 years ago to remind us that all is not lost just because it is hidden from sight.